Stratoshark – Wireshark Has Got a Friend for Cloud

The creators of Wireshark, Gerald Combs and Loris Degioanni, have unveiled Stratoshark, a groundbreaking tool designed to bring Wireshark’s renowned capabilities into the cloud era.

Building on over 25 years of experience with Wireshark, which has become a staple for network analysis with over 5 million daily users, Stratoshark aims to address the challenges of modern cloud environments by focusing on system call analysis.

Wireshark, originally developed to democratize access to network-level visibility, transformed the industry by providing an affordable and intuitive solution for analyzing complex datasets.

Stratoshark's key features include:

  • Familiar 3-Pane Interface: Navigate seamlessly between the big picture and detailed data, similar to Wireshark.
  • Advanced Filtering: Leverage Wireshark’s powerful filtering system to quickly pinpoint the information you need.
  • Falco Integration: Effortlessly analyze captures triggered by Falco detections to streamline your security workflows.
  • Customizable Displays: Adjust and tailor the interface to match your specific use case, just like in Wireshark.

Now, Stratoshark applies the same principles to a new domain: troubleshooting and investigating activity in Linux-based systems, including containerized environments.

Stratoshark retains the core design elements that made Wireshark a success:

  • Three-Pane UI: Users can navigate between high-level overviews and detailed data seamlessly.
  • Flexible Filtering: The tool leverages Wireshark’s powerful filtering system for precise analysis.
  • Customizable Displays: Like its predecessor, Stratoshark allows users to tailor the interface to their specific needs.

However, Stratoshark is tailored for cloud environments, enabling users to capture and analyze Linux system activity such as file I/O operations, command executions, network activity, and interprocess communication. This makes it an essential tool for troubleshooting performance issues and investigating security events.

One of Stratoshark’s standout features is its integration with Falco, an open-source runtime security tool. This allows users to analyze captures generated by Falco detections, streamlining workflows for security professionals and making it easier to identify and address potential threats.

A New Era for Cloud Troubleshooting

Stratoshark, a sibling to Wireshark, analyzes system calls and logs with a familiar interface. Instead of packets, it captures events like a curl download, showing system calls from library loading to server connections.


Details such as process name, user, file paths, and more are displayed. For instance, selecting an event that reads a dynamic library reveals both the system call and the dissected executable header within the library.

Combs and Degioanni emphasized that Stratoshark is built on the same philosophy that drove Wireshark’s success: making powerful tools accessible and intuitive.

“Modern cloud-based applications generate overwhelming amounts of data,” they noted. “Stratoshark provides everything you need in a single capture.”

For those familiar with Wireshark’s workflows, Stratoshark will feel like home. Its panels, shortcuts, and display filter language mirror those of its predecessor, ensuring a smooth transition for existing users.

With Stratoshark, DevOps teams can:

  • Analyze cloud system calls and logs with Wireshark-like granularity.
  • Bridge the visibility gap between traditional networks and dynamic cloud workloads.
  • Combine Wireshark’s rich insights with Falco’s real-time cloud security.

For newcomers, the creators believe Stratoshark will be just as transformative as Wireshark has been for network analysis.

Stratoshark is now available for download. For more information about its features or to get started, visit the official website.

With Stratoshark, Combs and Degioanni hope to redefine how cloud system troubleshooting is approached, just as they did with network analysis decades ago.

Stratoshark inherits much of Wireshark’s user interface and workflows, offering a three-pane design that allows users to navigate high-level summaries while diving into detailed event data.

This familiarity ensures that existing Wireshark users can easily transition to Stratoshark while extending their expertise into cloud environments.

Key features include:

  • System Call Analysis: Capture and dissect system-level activities in Linux environments.
  • Falco Integration: Analyze alerts generated by Falco for streamlined security workflows.
  • Customizable Displays: Tailor views to specific use cases, just like in Wireshark.
  • Open-Source Foundation: Built on eBPF technology for efficient data collection from the Linux kernel.

Addressing Cloud Complexity

Cloud-native environments introduce challenges such as distributed workloads, ephemeral containers, and complex networking setups like Kubernetes service meshes.

Stratoshark is designed to be agnostic to these complexities, focusing instead on endpoint-level data collection. This makes it particularly useful for diagnosing issues like Kubernetes CrashLoopBackOff errors or analyzing containerized application behavior.

“Wireshark users live by the phrase ‘pcap or it didn’t happen,’ but until now cloud packet capture hasn’t been easy or even possible,” said Gerald Combs, co-creator of Wireshark and Stratoshark. “Stratoshark helps unlock this level of visibility.”

Stratoshark is part of the broader scap ecosystem, which includes tools like Sysdig OSS for command-line syscall monitoring and Falco for runtime security.


This ecosystem mirrors the success of the pcap ecosystem centered around libpcap that made tools like Wireshark interoperable with others such as Zeek, Snort, and nmap.

By combining Wireshark’s intuitive workflows with Falco’s real-time cloud-native security capabilities, Stratoshark empowers network professionals to extend their skills to modern infrastructure. You can download Stratoshark and learn more at the website.


Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.